
Basic things you can find from an IP

Here I will outline some useful Unix and NT commands for finding out more information about a given IP. Some of these techniques will fail depending on firewall rule sets.

Items to be covered:

How do I find my own IP?
How do I find out if an IP is contactable?
How do I find out what organization owns an IP?
How do I find out what OS a box is running?
How do I find out what ports are open/services are running?
How do I tell who is logged in to that box?
Any good all in one tools?
How do I find the NetBIOS name from the IP?
How do I find the IP from the NetBIOS name?
How can I see the traffic going between two IPs on a switched network?

How do I find my own IP?

Because the IP your ISP's DHCP server hands you may not always be the same, it is handy to be able to quickly find out what your IP is. Most of the time on a LAN the DHCP server will try to hand a machine the same IP its MAC address received the last time it requested an address, but not always. To find out your host IP and other useful information use these commands.

Windows 9X/Me:

Use the "winipcfg" command; this will bring up a GUI dialog with all the info you will need.

The IP found using the instructions above is the IP your computer's NIC (Network Interface Card) or modem has. If you are hooked to a home router or some other kind of NAT box, the IP the world sees as you when you connect to other hosts will be different. To find your WAN IP (the IP the world sees when you are behind a NAT box or a proxy) go to one of the following sites:

You can tell what OS a box is running in a few ways. Knowing what ports are open on the box will give you some good guesses (for instance port 6000 is used for X Windows; its being open probably means the box is running some kind of Unix). The easiest way to find this info is to use the "nmap" utility from http://www.insecure.org/nmap/ (also available on the Knoppix Linux Boot CD (http://www.knoppix.org/) or the Trinux boot disk (http://sourceforge.net/projects/trinux/)) and do an OS fingerprint like so:

Notice the part in red indicates the likely OS. Be careful about using tools like "nmap"; the site you are targeting may give your local admin a call asking why you are scanning their site. Also make sure your copy of Nmap is up to date so it has the newest OS fingerprints; the version I used in the above example is kind of old.

You can also find out sometimes by using the "What's that site running" cgi at Netcraft, which does a banner grab for you.

Telnetting to the host and observing the intro may give you some info:

Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.2-2 on an i686
login:

and if they only have port 80 open you can telnet to that port, hit enter twice, and observe the headers:
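The "telnet to port 80 and hit enter twice" step as a small script, added here as an example and not code from the original post: it sends the same bare HEAD request with Python's socket module and parses the response headers so you can check what your own server's Server header gives away. The sample response below is constructed (the Apache version string is invented), so the parser can be exercised offline.

```python
import socket

# Constructed sample response for offline use; not captured from any real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    b"Server: Apache/1.3.20 (Unix) PHP/4.0.6\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)


def parse_headers(raw):
    """Split a raw HTTP response into (status line, {lowercased name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def disclosed_software(raw):
    """Return what the Server header gives away, or None if it is suppressed."""
    return parse_headers(raw)[1].get("server")


def grab_http_banner(host, port=80, timeout=5.0):
    """The tutorial's manual step as code: connect, send a bare HEAD request,
    and return the raw response bytes up to the end of the headers."""
    request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while b"\r\n\r\n" not in buf:
            data = sock.recv(4096)
            if not data:
                break
            buf += data
    return buf


if __name__ == "__main__":
    status, hdrs = parse_headers(SAMPLE_RESPONSE)
    print(status)
    print("Server header discloses:", disclosed_software(SAMPLE_RESPONSE))
```

Run `grab_http_banner("your.host.example")` against a box you administer and feed the result to `disclosed_software` to see whether the version banner should be turned off.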

There are port scanners for Windows and Unix, "nmap" (http://www.insecure.org/nmap/, and available on the Trinux boot disk) being my personal choice. Be careful about using tools like "nmap"; the site you are targeting may give your local admin a call asking why you are scanning their site. See the above entry for an example of using nmap.

If you want to find out what ports are open on your local Windows box use the "netstat" command.

How can I see the traffic going between two points on a switched network?

Get the dsniff and ngrep packages, they come with Trinux (note: on Trinux use "arpredirect" instead of "arpspoof") or you can download them. Start up three terminals.

In the first terminal run:

arpspoof -t 1.1.1.1 2.2.2.2

In the second one run:

arpspoof -t 2.2.2.2 1.1.1.1

Then run ngrep:

ngrep host 1.1.1.1|more

and watch the fun. Also try the "dsniff" command to see plaintext passwords that are passed between the two hosts. To find out more information visit my article on the basics of ARP spoofing at http://irongeek.com/i.php?page=security/arpspoof
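The defender's counterpart to the arpspoof recipe above, added here as an example and not part of the original post: it parses "arp -a" style lines (the Windows and Linux layouts) and flags the two cache changes that redirecting 1.1.1.1 and 2.2.2.2 through a third machine produces, an IP whose MAC changes and one MAC answering for several IPs. The sample lines, addresses and MACs are constructed.

```python
import re

# Constructed "arp -a" style lines in the Windows and Linux layouts, as a
# defender might snapshot them over time; not captured from any real network.
ARP_SNAPSHOTS = [
    "  1.1.1.1               00-11-22-33-44-01     dynamic",
    "  2.2.2.2               00-11-22-33-44-02     dynamic",
    "? (1.1.1.1) at 00:11:22:33:44:01 [ether] on eth0",
    "? (1.1.1.1) at 00:11:22:33:44:ff [ether] on eth0",   # 1.1.1.1 moved to a new MAC
    "? (2.2.2.2) at 00:11:22:33:44:ff [ether] on eth0",   # same MAC now claims 2.2.2.2 too
]

ARP_LINE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}).*?([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})"
)


def parse_arp_lines(lines):
    """Extract (ip, mac) pairs from arp -a output; MACs normalised to aa:bb:.. form."""
    pairs = []
    for line in lines:
        m = ARP_LINE.search(line)
        if m:
            pairs.append((m.group(1), m.group(2).lower().replace("-", ":")))
    return pairs


def find_arp_anomalies(pairs):
    """Flag the two traces an arpspoof run leaves in the cache: an IP whose MAC
    changes, and one MAC answering for more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for ip, mac in pairs:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(("mac-changed", ip, prev, mac))
        ip_to_mac[ip] = mac
        ips = mac_to_ips.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if len(ips) > 1:
                alerts.append(("multi-ip-mac", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(parse_arp_lines(ARP_SNAPSHOTS)):
        print(alert)
```

Static ARP entries for the gateway and other critical hosts, or a switch feature such as dynamic ARP inspection, stop the cache change this script only reports.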

Re: Basic things you can find from an IP


Adrian scans someone else's box or a different box he owns..... Hmmmm.....

I'm not going to go on..... Your profile states you are in Louisville, (nice town BTW, been there a few times..... ), and your tutorial almost leads me to your doorstep.....

Sanitize, Sanitize, Sanitize......

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

Dude, my name is already all over my website and articles I've written elsewhere. Most of this data you can find about my boxes in this tutorial is very old (check the Nmap version number). I did do a little to sanitize this data some before I put up the tutorial, but a lot of the info it gives about me is stuff you could find by just doing a Google search. When it comes to the net I'm not a very private person.

It might make little difference to you today.... You're the "Iron Geek"..... In a few years you will have an issue with your own privacy... trust me.... and everything you "give away" today will come back to haunt you then, because it will all still be there for the world to see..... I'm ex-special forces, (in the US...... the Brits don't put the word "special" on anything but the fewest men), and I can find you and certainly could drop you at 600 yards and you'd never see it coming.... But I'd survive about 3 seconds in a scrap with you I'm sure...... I'm a tad older now and a lot less fit and strong...

My post wasn't a condemnation of you per se, it was a lesson to others that may not be so laissez-faire and "invincible" as you are today that sanitization of what they post on the internet today will either "get" them today or it will "get" them tomorrow... Tutorials are there to teach.... Their responses can teach also.... I hope my response taught something to someone who hadn't thought about the consequences today or tomorrow.....


Thanks Tiger, I appreciate your concern. I did make some effort to obscure my IPs and the domain I'm coming from (though a little looking on the net will find such info). It has nothing to do with feeling "invincible" or macho now, I just find it unlikely that anyone would be interested enough to bother me physically. There are far more interesting folks to shoot at out there. Worst case likely scenario I see is someone messes with one of my boxes just to say he hacked the guy on Antionline named Irongeek. I'm not that well known so I don't think many people would find that braggable. This might be a good topic for another thread, I think I'll start one. Thanks for giving me something to think about.

You definitely know how to write your tuts Iron, this is all great stuff. One suggestion: How about bolding those questions throughout the tut? They serve as good headers, and for someone like me who's scanning through the whole thing for certain info, that would help speed things up and enhance the organized look of the tut.

You'd be surprised how information you give away today can come back to "haunt" you tomorrow... I haven't done it yet, though I know where I have made my "mistakes" that could lead you to my door..... But I know more than one person who has had it lead back.... including an identity theft, (ok, they weren't "smart"), but it happened.....

Maybe, your tutorial will teach others about something it wasn't intended to.... either way, it was a good tutorial......
